Hi, Today, I will explain how to enable the Fast First Sign In policy (EnableFastFirstSignIn) under Authentication in the Intune Settings Catalog. The settings catalog combines all configurable settings in one place, simplifying policy creation and the visibility of available settings. The EnableFastFirstSignIn policy helps users sign in quickly on Shared PCs.
This policy is designed for use on shared PCs to provide users with a faster first sign in experience. It automatically links new non-admin Microsoft Entra accounts to pre-configured local accounts, user accounts already added to the device.
In Microsoft Intune, the EnableFastFirstSignIn policy helps administrators speed up the first sign in process for new users on Windows devices. This feature automatically fills in some fields during the first login, which can reduce the amount of information users need to enter manually.
Administrators should consider pre-filling user information during the first sign in to improve user onboarding and address potential privacy concerns. This policy is located in Intune’s Windows Hello for Business settings, which let administrators enable or disable the feature for managed devices.
Table of Contents
What is Authentication?
Authentication is an important process that confirms a user’s identity before granting access to a system or service. We can enhance security and protect systems, data, and networks from attacks by applying effective authentication.
What are the Three Steps Involved in Authentication?
The authentication process consists of three main steps, which are given below in brief:
Identification: Users identify themselves with a username.
Authentication: Users confirm their identity by entering a password. Organizations may also require additional proof, like a phone or fingerprint to improve security.
Authorization: The system checks whether users can access the system.
Policy CSP – Authentication
The Policy Configuration Service Provider (CSP) allows enterprises to set policies for Windows 10 and Windows 11. Use this service provider to establish any company policies.
./Device/Vendor/MSFT/Policy/Config/Authentication/EnableFastFirstSignIn
- Top 83 Windows 11 Desktop Admin Interview Questions
- Intune Scope Tags Implementation Guide For Admins
- Passwordless Authentication Now Users Can Sign-In With A TAP
Allowed Values
Intune provides a list of allowed values for each configuration setting. This helps maintain stability and avoid invalid inputs. The table below shows the allowed values of the EnableFastFirstSignIn under Authentication in the Intune Settings Catalog.
Value | Details |
---|---|
0 (Default) | The feature defaults to the existing SKU and device capabilities. |
1 | Enabled. Auto-connect new non-admin Microsoft Entra accounts to pre-configured candidate local accounts. |
2 | Disabled. Don’t auto-connect new non-admin Microsoft Entra accounts to pre-configured local accounts |
Procedure for Enable Fast First Sign In Policy in the Intune Settings Catalog
First, sign in to the Microsoft Intune Admin Center with your admin account to enable the Fast First Sign In Policy in Microsoft Intune. Then, go to Devices, select Windows, and click on Configuration. Choose +Create and pick the +New policy.
- MS Intune Admin Center > Devices > Windows > Configuration > + Create > +New Policy
- Platform: Windows 10 and later
- Profile type: Settings catalog
- Click Create
The Basics section is the first step in configuring a policy in Intune. Here, we can set the policy name and add a Description, which helps identify the policy later. In this case, the Policy Name is EnableFastFirstSignIn.
- Description: This policy is designed for use on shared PCs to provide a faster first sign in experience for users.
- Click Next to proceed.
The second step is the Configuration settings. From here, we can choose settings by clicking Add settings to browse or search the catalog for the settings we want to configure.
Upon clicking Add Settings, a new window for the Settings picker appears. From the settings picker, I selected Authentication as a category. Then, I selected the setting Enable Fast First Sign In to configure.
The next window shows the selected policy as a default value (0) description, stating that the feature defaults to the existing SKU and device capabilities enabled. Click Next to proceed to the third step, Scope Tags.
Scope tags organize and control access to Intune resources such as profiles, apps, and policies. They help administrators manage resources by department, function, or location. If no specific scope tag is assigned, a default tag is used. If your tenant has custom scope tags, select them based on your policy needs.
- Click Next to continue.
When assigning the configuration policy to the device groups, click Add Groups under Included groups and choose the device group you wish to include from the Included Groups section. This is a very important input in this setup.
- For this policy I select Test_HTMD_Policy as a device group.
Hit to Next
After assigning the policy to the correct device group, you will reach the Review + Create page. This step allows you to review all your settings and configurations before finalizing. If you want to change anything, you can edit it by clicking the Previous option, and after finalizing the change, click Create.
- A notification will be displayed saying that the Policy EnableFastFirstSignIn was created successfully.
Monitoring Status
First, open the policy from the Configuration section to check the monitoring status of a created policy. Before doing this, ensure you sync your device with the Company Portal to speed up the policy configuration process. Once completed, you will see the successful results on the Device configuration profile page.
- Navigate to Devices > Windows > Configuration > Search for the EnableFastFirstSignIn configuration policy.
- The policy’s deployment status will appear under the Device and user check-in status.
Client Side Verification
MDM PolicyManager is setting the policy EnableFastFirstSignIn under the Authentication area. To confirm the successful event log, navigate to the Application and Service Logs: Microsoft > Windows >Select the Device Management Enterprise Diagnostics Provider.
- The successful Event ID of the EnableFastFirstSignIn Policy is 813.
MDM PolicyManager: Set policy int, Policy: (EnableFastFirstSignIn), Area: (Authentication), EnrollmentID requesting merge: (B1E9301C-8666-412A-BA2F-3BF8A55BFA62), Current User: (Device), Int: (0x0), Enrollment Type: (0x6), Scope: (0x0).
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and leader of the Local User Group Community. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.